Overview

overview

10

Static

static

3

debeea6485...60.exe

windows7-x64

10

debeea6485...60.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43c498cf3e4f835f38cec7a475bc5e2c.bin

  • Size

    378KB

  • Sample

    240408-bmk3zscc8x

  • MD5

    b3873f8416ade64f05d825a83013ca09

  • SHA1

    16fba97c03e6d6342c983679f30cf2f5d6d716a5

  • SHA256

    92f03cb717d62d79296e0b3b0802bcb73fabb9c02f412e8a6b0d7bf69dcaf118

  • SHA512

    314e5576635756373fe2cde93d778401bbaa1a54c7a33b1edd78a0a69309b8b2801be28e689f4aeffe0337c60b646968dd31358159691a83dcfe48ebf71a6b0a

  • SSDEEP

    6144:qOXlmvv/3EATgRr2wOd5g+6ew6bOAjCNYl+dsTUT6twmwgpuGeX1s+nH96de5XyY:qOVmvvv7cRa3dsew6Ks5FTelFLX1s+HZ

Score
10/10
smokeloaderpub3backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://sunvi.org/tmp/index.php

http://zarya-amura.ru/tmp/index.php

http://akros.in.net/tmp/index.php
rc4.i32
rc4.i32

Targets

    • Target

      debeea64857d020a5626850ad7f0b850b08dda331336e5e79004ec1d0fcc3a60.exe

    • Size

      1.1MB

    • MD5

      43c498cf3e4f835f38cec7a475bc5e2c

    • SHA1

      a810481973afefc920845d7f937b51201a09c58b

    • SHA256

      debeea64857d020a5626850ad7f0b850b08dda331336e5e79004ec1d0fcc3a60

    • SHA512

      cc7300050dfa3613aba9e74ed6373018a1011d3f8bf5ee65e9152b13ac2e9b7f577c56490b8c58f5506dcf11e025ae3695a639e3abeec3829033f21925e644f2

    • SSDEEP

      12288:EqMVbxllIU0til6szxaeaQlqPFXA4yKRahvbAi+a7B0nC7elWSohmL/fRzrM2u8U:EFlpmNQlULyKRahvbAiv9JzmLhzrnq7

    Score
    10/10
    smokeloaderpub3backdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks